Millions of people use security company ADT to protect their home or business. And yet their cybersecurity may have been compromised in the latest high-profile breach from hacking group ShinyHunters.
The website Have I Been Pwned reports that a ShinyHunters data breach included 5.5 million unique email addresses associated with ADT customers. ADT says that customers’ payment information wasn’t compromised.
Still, the company confirmed that the breach included customer names, phone numbers, and addresses, as well as Social Security and Tax ID numbers in a minority of cases.
“ADT’s cybersecurity systems detected unauthorized access to a limited set of customer and prospective customer data on April 20,” reads an ADT blog post confirming the breach. “The company’s response protocols activated immediately — terminating the intrusion, launching a forensic investigation with leading third-party cybersecurity experts, and notifying law enforcement.”
Mashable Light Speed
ShinyHunters told Bleeping Computer they gained access to the ADT Salesforce account by compromising an employee’s Okta SSO login credentials. Bleeping Computer added that the hackers used voice phishing. The recent Panera Bread breach, also traced back to ShinyHunters, reportedly also involved SSO phishing.
Okta, a popular SSO service provider, recently warned about the prevalence of voice phishing attacks (also known as vishing) in a recent blog post, which included tips for guarding against these cyberattacks.
ShinyHunters is a prolific hacking organization. In recent months, the group has also been responsible for high-profile breaches involving Rockstar Games, Crunchyroll, Salesforce, Bumble, and others. Ransomware attacks may result.
In a typical ransomware attack, the hackers threaten to release or sell leaked customer or company data on the dark web unless the compromised organization agrees to pay a ransom.
Want to learn more about getting the best out of your tech? Sign up for Mashable’s Top Stories and Deals newsletters today.
